Vietnam Rejects Google Cyber-attack Charges

The Vietnamese government refuted charges of a cyber-attack targeting opponents of a Chinese-backed mining operation, calling Google's comments "groundless." According to McAfee, the attack created a botnet of infected Windows PCs and launched distributed denial-of-service attacks against certain political blogs.

The Vietnamese government rebuffed charges by Google that Vietnamese PC
owners were being targeted
by attackers.
The comments, posted online Saturday, were in response to a blog post by a
member of Google's security team outlining a malware attack. According to
Google's Neel Mehta, the infected computers were used to build a botnet that
launched distributed denial-of-service (DDoS) attacks against blogs belonging
to critics of a Chinese-backed mining operation in Vietnam.

"Such comments are groundless," said Vietnamese Foreign Ministry
spokesperson Nguyen Phuong Nga, in
a statement. "We have on many occasions clearly expounded our view on
issues relating to access to and use of information and information technology,
including the Internet. Vietnam
law puts in place specific regulations against computer virus and malware as
well as on information security and confidentiality."

Google was not the only company to mention the attack. Researchers at McAfee
said the malware was disguised
as the keyboard driver VPSKeys, which is popular among Vietnamese users and
is used to insert accents at the appropriate locations when using Windows. Once
a machine was infected, it became part of a botnet with about a dozen command
and control servers located around the globe, McAfee reported. The command and
control servers were accessed predominantly from IP addresses inside Vietnam.
"Specifically, these attacks have tried to squelch opposition to
bauxite mining efforts in Vietnam,
an important and emotionally charged issue in the country," Mehta wrote
in his blog post.
There has been opposition in Vietnam
to bauxite mining efforts backed by the Vietnamese government and
state-run Chinese aluminum firm Chinalco. Though neither Google nor McAfee
accused China
or Vietnam of
direct involvement in the attacks, the political nature of the attacks has become another
foil in the ongoing debate over state-sponsored cyber-activity that gained
steam in the wake
of the Aurora attacks reported by Google. Though the Vietnamese attacks were
initially thought to be related, it is now believed that the Aurora
attacks were smaller than previously thought.
"We suspect the effort to create [this] botnet started in late 2009,
coinciding by chance with the Operation Aurora attacks," McAfee CTO
George Kurtz blogged March 30. "While McAfee Labs identified the malware during
our investigation into Operation Aurora, we believe the attacks are not
related. The bot code is much less sophisticated than the Operation Aurora
attacks. It is common bot code that could use infected machines to launch
distributed denial of service attacks, monitor activity on compromised systems
and for other nefarious purposes."
Meanwhile, security researchers with the University
of Toronto issued
a report today dissecting a cyber-espionage network traced to Chinese-based
hackers that compromised government, business and academic systems in India,
the office of the Dalai Lama and the United Nations. The report did not
accuse the Chinese government of any involvement.
''We have from time to time heard this kind of news. I don't know the
purpose of stirring up these issues,'' Foreign Ministry spokeswoman Jiang Yu
told a regular press conference in response to questions about the report, according
to the Associated Press. ''We are firmly opposed to various kinds of
hacking activities through the Internet."